Key Responsibilities Administer and maintain Splunk Enterprise Security (ES) environment. Manage index lifecycle, retention policies, and storage optimization Develop, optimize, and maintain correlation searches and use cases Align detections with frameworks like MITRE ATT&CK Create and enhance Splunk dashboards, reports, and alerts Integrate new log sources and data inputs (cloud, network, endpoint, apps) Normalize and onboard logs using CIM (Common Information Model) Tune Data Models, tags, event types Provide advanced support for incident investigations escalated from L1/L2 Conduct deep forensic analysis using Splunk data Support incident response activities and root cause analysis Work closely with SOC analysts to improve detection and response workflows Integrate Splunk with SOAR platforms Support API integrations with external security tools Investigate issues with Data Ingestion/latency/inputs Optimize queries and reduce search execution time Maintain Splunk architecture documen...